Description
Hans Aikema opened MDEP-973 and commented
Currently the analyze-report goals makes the build fail when there is a usedDependency defined for a dependency that in past was only used at test-runtime, but due to new development has transitioned to visible use to the plugin.
This was uncovered looking into jeremylong/DependencyCheck#7362
analyze-report fails with error
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.21.0:site (default-site) on project dependency-check-core: Error generating maven-dependency-plugin:3.8.1:analyze-report report: Cannot analyze dependencies: Trying to force use of dependencies which are declared but already detected as used: [ch.qos.logback:logback-classic] -> [Help 1]
As we started using logback classes directly in testcode, whereas previously logback-classic was merely the log-implementation that happened to be configured and used at runtime in tests.
In my view such a case should not yield an error causing build failure, but a warning that an unneeded force-usage is configured.
No further details from MDEP-973